I found this while writing up a separate bug (CPython doesn't use static analysis!).

In modules/posixmodule.c, win32_wchdir uses Py_ARRAY_LENGTH on a wchar_t*:

    wchar_t _new_path[MAX_PATH], *new_path = _new_path;
    int result;
    wchar_t env[4] = L"=x:";

    if(!SetCurrentDirectoryW(path))
        return FALSE;
    result = GetCurrentDirectoryW(Py_ARRAY_LENGTH(new_path), new_path);


...instead of using Py_ARRAY_LENGTH(_new_path), the programmer wrote Py_ARRAY_LENGTH(new_path), doesn't work on pointers:

/* Get the number of elements in a visible array

   This does not work on pointers, or arrays declared as [], or function
   parameters. With correct compiler support, such usage will cause a build
   error (see Py_BUILD_ASSERT_EXPR).

   Written by Rusty Russell, public domain, http://ccodearchive.net/
*/
#define Py_ARRAY_LENGTH(array) \
    (sizeof(array) / sizeof((array)[0]))


The same issue occurs two lines later:

    if (result > Py_ARRAY_LENGTH(new_path)) {



Compiling with /analyze found this quite easily:

c:\pythondev\repo\modules\posixmodule.c(1354): warning C6384: Dividing sizeof a pointer by another value.

Oh, it's a regression introduced by:

changeset:   87516:46aecfc5e374
user:        Victor Stinner <victor.stinner@gmail.com>
date:        Sun Nov 24 19:23:25 2013 +0100
files:       Modules/posixmodule.c
description:
Issue #19636: Fix usage of MAX_PATH in posixmodule.c

New changeset 39ce98d9b6b7 by Victor Stinner in branch '3.5':
Issue #25846: Fix usage of Py_ARRAY_LENGTH() in win32_wchdir()
https://hg.python.org/cpython/rev/39ce98d9b6b7

New changeset e373ec3c2969 by Victor Stinner in branch 'default':
(Merge 3.5) Issue #25846: Fix usage of Py_ARRAY_LENGTH() in win32_wchdir()
https://hg.python.org/cpython/rev/e373ec3c2969

> I found this while writing up a separate bug (CPython doesn't use static analysis!).

Are you aware of the Coverity program? Last time I heard about Coverity, CPython had 0 bug found by Coverity ;-)

> > I found this while writing up a separate bug (CPython doesn't use static analysis!).

The sad part is that Py_ARRAY_LENGTH() is written for static analysis, but it only works with some compilaters, and for example it doesn't work with Visual Studio, the only compiler on Windows officially supported.

The other occurrence is not fixed.

New changeset aba6caf7b9f0 by Victor Stinner in branch '3.5':
Issue #25846: Fix usage of Py_ARRAY_LENGTH() in win32_wchdir() (new try)
https://hg.python.org/cpython/rev/aba6caf7b9f0

> The other occurrence is not fixed.

Oops, right. Good catch. This is what happens when I skip the code review step :-/ Is it better with the second change?

> Are you aware of the Coverity program? Last time I heard about Coverity, CPython had 0 bug found by Coverity ;-)

Yup, see Issue25847.

> The sad part is that Py_ARRAY_LENGTH() is written for static analysis

Sadly, yeah. MSVC, when compiling as C++, should actually catch this, but CPython precludes that.